xlsx
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The script executes system-level commands using `subprocess.run` to invoke LibreOffice (soffice) and timeout utilities (timeout/gtimeout). It also programmatically creates directories and writes files to the user's application configuration path.
- [DYNAMIC_EXECUTION] (MEDIUM): The function `setup_libreoffice_macro` generates a LibreOffice Basic macro (Module1.xba) as a string and writes it to the filesystem at runtime to enable the `RecalculateAndSave` functionality.
- [PERSISTENCE] (MEDIUM): The skill modifies the user's persistent application environment by installing a macro into the LibreOffice `Standard` library. This script remains in the user's configuration directory after the skill execution completes.
- [INDIRECT_PROMPT_INJECTION] (LOW): The script ingests external Excel files and iterates through all cells using `openpyxl`. This represents a data ingestion surface where malicious content in a workbook could theoretically influence the agent's logic if the agent processes the resulting error summaries.
Audit Metadata